winpr/ssl: Load legacy provider when initializing OpenSSL 3.0

With OpenSSL 3.O, FreeRDP log contains errors like:

```
4036740A4C7F0000:error:0308010C:digital envelope routines:
inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:346:
Global default library context, Algorithm (MD4 : 85), Properties ()
```

This leads to connection failures in some cases. This is because algorithms
like MD4 are now part of the legacy provider, which is not loaded by
default. Let's explicitly load that provider. With this change, also the
other provides has to be explicitely loaded.
This commit is contained in:
Ondrej Holy 2021-11-16 16:12:33 +01:00
parent 5537667e0c
commit 1783d65541

View File

@ -33,6 +33,10 @@
#include <openssl/ssl.h>
#include <openssl/err.h>
#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
#include <openssl/provider.h>
#endif
#include "../log.h"
#define TAG WINPR_TAG("utils.ssl")
@ -245,6 +249,7 @@ static BOOL winpr_enable_fips(DWORD flags)
WLog_DBG(TAG, "Ensuring openssl fips mode is ENabled");
#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
OSSL_PROVIDER_load(NULL, "fips");
if (!EVP_default_properties_is_fips_enabled(NULL))
#else
if (FIPS_mode() != 1)
@ -305,6 +310,13 @@ static BOOL CALLBACK _winpr_openssl_initialize(PINIT_ONCE once, PVOID param, PVO
return FALSE;
#endif
#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
/* The legacy provider is needed for MD4. */
OSSL_PROVIDER_load(NULL, "legacy");
OSSL_PROVIDER_load(NULL, "default");
#endif
g_winpr_openssl_initialized_by_winpr = TRUE;
return winpr_enable_fips(flags);
}